/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/plymouth.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-01 20:01:26 UTC
  • mto: This revision was merged to the branch mainline in revision 759.
  • Revision ID: teddy@recompile.se-20150701200126-qb3f6c3jcas2f4og
mandos-client: Try to start a plugin to add and remove a local route.

* debian/mandos-client.README.Debian: Add setting of environment
                                      variable MANDOSPLUGINHELPERDIR
                                      to command line testing
                                      mandos-client.
* mandos-client.c (raise_privileges): Moved to top of file.
                  (raise_privileges_permanently): - '' -
                  (lower_privileges): - '' -
                  (lower_privileges_permanently): - '' -
  (add_remove_local_route, add_local_route, remove_local_route): New.
  (start_mandos_communication): Set SOCK_CLOEXEC flag on socket.  Run
                                the above functions to add (and
                                remove) local route, if the conditions
                                indicates it could help.
  (run_network_hooks): Use O_DIRECTORY, O_PATH, and O_CLOEXEC flags
                       when opening network hook directory. Do
                       TEMP_FAILURE_RETRY around opening of /dev/null
                       and network hook executables.  Move redirecting
                       of stdout and stderr to as late as possible
                       before fexecve().
  (main): Use O_DIRECTORY and O_PATH when opening temporary directory.
* plugins.d/mandos-client.xml (ENVIRONMENT): Document usage of the
                                             MANDOSPLUGINHELPERDIR
                                             environment variable.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "plymouth">
5
 
<!ENTITY TIMESTAMP "2019-07-27">
 
5
<!ENTITY TIMESTAMP "2012-01-01">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
34
34
      <year>2010</year>
35
35
      <year>2011</year>
36
36
      <year>2012</year>
37
 
      <year>2013</year>
38
 
      <year>2014</year>
39
 
      <year>2015</year>
40
 
      <year>2016</year>
41
 
      <year>2017</year>
42
 
      <year>2018</year>
43
 
      <year>2019</year>
44
37
      <holder>Teddy Hogeborn</holder>
45
38
      <holder>Björn Påhlsson</holder>
46
39
    </copyright>
61
54
  <refsynopsisdiv>
62
55
    <cmdsynopsis>
63
56
      <command>&COMMANDNAME;</command>
64
 
      <arg choice="opt">
65
 
        <option>--prompt <replaceable>PROMPT</replaceable></option>
66
 
      </arg>
67
 
      <arg><option>--debug</option></arg>
68
 
    </cmdsynopsis>
69
 
    <cmdsynopsis>
70
 
      <command>&COMMANDNAME;</command>
71
 
      <group choice="req">
72
 
        <arg choice="plain"><option>--help</option></arg>
73
 
        <arg choice="plain"><option>-?</option></arg>
74
 
      </group>
75
 
    </cmdsynopsis>
76
 
    <cmdsynopsis>
77
 
      <command>&COMMANDNAME;</command>
78
 
      <arg choice="plain"><option>--usage</option></arg>
79
 
    </cmdsynopsis>
80
 
    <cmdsynopsis>
81
 
      <command>&COMMANDNAME;</command>
82
 
      <group choice="req">
83
 
        <arg choice="plain"><option>--version</option></arg>
84
 
        <arg choice="plain"><option>-V</option></arg>
85
 
      </group>
86
57
    </cmdsynopsis>
87
58
  </refsynopsisdiv>
88
59
  
124
95
  <refsect1 id="options">
125
96
    <title>OPTIONS</title>
126
97
    <para>
127
 
      This program is commonly not invoked from the command line; it
128
 
      is normally started by the <application>Mandos</application>
129
 
      plugin runner, see <citerefentry><refentrytitle
130
 
      >plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
131
 
      </citerefentry>.  Any command line options this program accepts
132
 
      are therefore normally provided by the plugin runner, and not
133
 
      directly.
 
98
      This program takes no options.
134
99
    </para>
135
 
    
136
 
    <variablelist>
137
 
      <varlistentry>
138
 
        <term><option>--prompt=<replaceable
139
 
        >PROMPT</replaceable></option></term>
140
 
        <listitem>
141
 
          <para>
142
 
            The password prompt.  Note that using this option will
143
 
            make this program ignore the <envar>cryptsource</envar>
144
 
            and <envar>crypttarget</envar> environment variables.
145
 
          </para>
146
 
        </listitem>
147
 
      </varlistentry>
148
 
      
149
 
      <varlistentry>
150
 
        <term><option>--debug</option></term>
151
 
        <listitem>
152
 
          <para>
153
 
            Enable debug mode.  This will enable a lot of output to
154
 
            standard error about what the program is doing.  The
155
 
            program will still perform all other functions normally.
156
 
          </para>
157
 
        </listitem>
158
 
      </varlistentry>
159
 
      
160
 
      <varlistentry>
161
 
        <term><option>--help</option></term>
162
 
        <term><option>-?</option></term>
163
 
        <listitem>
164
 
          <para>
165
 
            Gives a help message about options and their meanings.
166
 
          </para>
167
 
        </listitem>
168
 
      </varlistentry>
169
 
      
170
 
      <varlistentry>
171
 
        <term><option>--usage</option></term>
172
 
        <listitem>
173
 
          <para>
174
 
            Gives a short usage message.
175
 
          </para>
176
 
        </listitem>
177
 
      </varlistentry>
178
 
      
179
 
      <varlistentry>
180
 
        <term><option>--version</option></term>
181
 
        <term><option>-V</option></term>
182
 
        <listitem>
183
 
          <para>
184
 
            Prints the program version.
185
 
          </para>
186
 
        </listitem>
187
 
      </varlistentry>
188
 
    </variablelist>
189
100
  </refsect1>
190
101
  
191
102
  <refsect1 id="exit_status">
207
118
        <term><envar>crypttarget</envar></term>
208
119
        <listitem>
209
120
          <para>
210
 
            If set, and if the <option>--prompt</option> option is not
211
 
            used, these environment variables will be assumed to
 
121
            If set, these environment variables will be assumed to
212
122
            contain the source device name and the target device
213
123
            mapper name, respectively, and will be shown as part of
214
124
            the prompt.
216
126
        <para>
217
127
          These variables will normally be inherited from
218
128
          <citerefentry><refentrytitle>plugin-runner</refentrytitle>
219
 
          <manvolnum>8mandos</manvolnum></citerefentry>, which might
220
 
          have in turn inherited them from its calling process.
 
129
          <manvolnum>8mandos</manvolnum></citerefentry>, which will
 
130
          normally have inherited them from
 
131
          <filename>/scripts/local-top/cryptroot</filename> in the
 
132
          initial <acronym>RAM</acronym> disk environment, which will
 
133
          have set them from parsing kernel arguments and
 
134
          <filename>/conf/conf.d/cryptroot</filename> (also in the
 
135
          initial RAM disk environment), which in turn will have been
 
136
          created when the initial RAM disk image was created by
 
137
          <filename
 
138
          >/usr/share/initramfs-tools/hooks/cryptroot</filename>, by
 
139
          extracting the information of the root file system from
 
140
          <filename >/etc/crypttab</filename>.
221
141
        </para>
222
142
        <para>
223
143
          This behavior is meant to exactly mirror the behavior of
224
 
          <command>askpass</command>, the default password prompter
225
 
          from initramfs-tools.
 
144
          <command>askpass</command>, the default password prompter.
226
145
        </para>
227
146
        </listitem>
228
147
      </varlistentry>
282
201
      daemon and starting a new one is ugly, but necessary as long as
283
202
      it does not support aborting a password request.
284
203
    </para>
285
 
    <xi:include href="../bugs.xml"/>
286
204
  </refsect1>
287
205
  
288
206
  <refsect1 id="example">
295
213
    </para>
296
214
    <informalexample>
297
215
      <para>
298
 
        Normal invocation needs no options:
 
216
        This program takes no options.
299
217
      </para>
300
218
      <para>
301
219
        <userinput>&COMMANDNAME;</userinput>
302
220
      </para>
303
221
    </informalexample>
304
 
    <informalexample>
305
 
      <para>
306
 
        Show a different prompt.
307
 
      </para>
308
 
      <para>
309
 
        <userinput>&COMMANDNAME; --prompt=Password</userinput>
310
 
      </para>
311
 
    </informalexample>
312
222
  </refsect1>
313
223
  
314
224
  <refsect1 id="security">
354
264
    <para>
355
265
      <citerefentry><refentrytitle>intro</refentrytitle>
356
266
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
267
      <citerefentry><refentrytitle>crypttab</refentrytitle>
 
268
      <manvolnum>5</manvolnum></citerefentry>,
357
269
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
358
270
      <manvolnum>8mandos</manvolnum></citerefentry>,
359
271
      <citerefentry><refentrytitle>proc</refentrytitle>